- Then you do your first match policy. This is a logical "OR": supposing there are clients that will not fall within the subnets/hosts described above, class-default will take care of that traffic and it will end up being load balanced to the "Mixed" serverfarm.

The class-maps type http will work to match both HTTP and HTTPS because in this case the ACE won't need to check beyond layer 3 to make a decision. You can also do it with a generic class-map but it is pretty much the same thing.

The problem with generic class-maps is that they can only be attached under "type" generic first-match policies,

i.e. "policy-map type loadbalance generic LB"

Personally I've never seen generic policies being used; as the documentation states "use this keyword to provide support for protocols that the ACE does not explicitly support". You rarely see a "not supported" protocol because most of them work at layer 4, which represents no problem to the ACE.

"Is the above line default to only reference certain class-maps?"

Well... kinda, it allows you to match layer 3-4 class-maps and HTTP (L5). HTTP class-maps are designed for L5 matching but they can also inspect from L3 to L7. HTTPS is readable up to layer 4 to the ACE or any device (if SSL termination is not configured), so that's why you can do a "source-match" for SSL traffic under an HTTP class-map/policy-match; in this case L5 inspection is not required at all.

Yup, if you wanted to balance any other L3/L4 protocol you're in good shape now, for example for FTP you can use the same class-map that includes the "source-match" then configure a new first-match policy and the new VIP or same VIP with "eq ftp". (FTP configuration is a little bit tricky though).

"Also if our HTTP traffic comes over a customised port say tcp port 8080, do we need to do anything on the ACE, or it is smart enough to know about HTTP on a different port?"

Same thing here, as long as you have a VIP that matches incoming traffic with dst port 8080 you shouldn't have any problem because it is still a L4 matching from the ACE perspective.

For example if you want to match standard and secondary HTTP ports under the same class-map assuming both ports are balanced to the same real servers then you would do it like this:

    class-map match-any WEB
      2 match virtual-address 10.10.10.10 tcp eq www
      3 match virtual-address 10.10.10.10 tcp eq 8080

So that you can apply the same filtering to both ports under the first-match policy; saving config lines and resources at the same time.
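An added example, not part of the original post, showing how the pieces discussed above fit together on the ACE: a source-address class-map of type http, a first-match policy that falls through to class-default and the "Mixed" serverfarm, and the two-port VIP class-map tied in through a multi-match policy. The names SRC-GROUP-A, FARM-A, LB-BY-SOURCE, CLIENT-VIPS and VLAN 100 are hypothetical, 192.0.2.0/24 is a constructed client subnet, both serverfarms are assumed to be defined already, and the lines starting with "!" are annotations for the reader.

```cisco
! L3 match inside an http-type class-map; works for HTTP and for
! HTTPS without SSL termination because only the source IP is checked.
class-map type http loadbalance match-any SRC-GROUP-A
  2 match source-address 192.0.2.0 255.255.255.0

! First-match policy: listed sources go to FARM-A (hypothetical),
! everything else lands in class-default and the "Mixed" serverfarm.
policy-map type loadbalance first-match LB-BY-SOURCE
  class SRC-GROUP-A
    serverfarm FARM-A
  class class-default
    serverfarm Mixed

! L3/L4 VIP class-map from the post: standard and secondary HTTP port.
class-map match-any WEB
  2 match virtual-address 10.10.10.10 tcp eq www
  3 match virtual-address 10.10.10.10 tcp eq 8080

! Multi-match policy ties the VIP to the load-balancing policy.
policy-map multi-match CLIENT-VIPS
  class WEB
    loadbalance vip inservice
    loadbalance policy LB-BY-SOURCE

! Applied on the client-facing VLAN (VLAN number is an assumption).
interface vlan 100
  service-policy input CLIENT-VIPS
```

Confirming with `show service-policy CLIENT-VIPS detail` that hit counts rise on the expected class, and that class-default is not absorbing traffic from clients meant for FARM-A, catches a wrong mask in the source-address match.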